Many communications systems currently use authentication and encryption to enhance security of the systems. These communication systems include cellular radio telephone communication systems, personal communication systems, paging systems, as well as wireline and wireless data networks. By way of example a cellular communication system will be described below; however, it will be appreciated by those skilled in the art that the authentication and encryption techniques described can be readily extended to other communication systems without departing from the scope and spirit of the present invention. Turning now to cellular communication systems, these systems typically include subscriber units (such as mobile or portable units) which communicate with a fixed network communication unit via radio frequency (RF) communication links. A typical cellular communication system includes at least one base station (i.e., communication unit) and a switching center. The switching center that a subscriber unit accesses may not be his "home" switching center. In this case, the subscriber unit is termed a roaming subscriber unit. The switching center which the subscriber unit accessed (termed the "visited" switching center) must communicate with his "home" switching center via the public switched telephone network (PSTN) or other type of connection such as a satellite link to retrieve information about the subscriber unit and provide service billing information back to the "home" switching center (i.e. "home" communication system).
One responsibility of the fixed network communication unit is to grant use of the communication system to the subscriber unit after the requesting subscriber unit meets the authentication requirements of the system. In a typical cellular telephone communication system, each subscriber unit is assigned a telephone number (mobile identification number) (MIN) (hereinafter referred to as a first subscriber unit identifier) and an identification number (or serial number) (SN) (hereinafter referred to as a second subscriber unit identifier) which uniquely identifies the subscriber to any fixed network communication unit. Each subscriber unit has a unique identification number that distinguishes it from other subscriber units. The fixed network communication unit has access to these identification numbers through a database. Often these numbers are used by the fixed network communication units to bill subscribers for the time the subscriber uses the system. In the case of a roaming subscriber unit, the "visited" switching center must communicate with the subscriber's "home" system database to authenticate and bill the subscriber unit. If this communication is required for each call a subscriber unit makes, significant call setup delays will occur. When the subscriber calls another unit, he enters the phone number (i.e., dialed digits) to be called. The dialed phone number becomes the data to be sent to the fixed network communication unit. Data may also include other information regarding a third communication unit such as a unit's location.
Detection of a legitimate subscriber's identification number may be accomplished by RF eavesdropping or by purposeful or inadvertent divulgence of the MIN/SN combination by the radio telephone installer. Once the subscriber's telephone number and identification number is known (stolen), a thief may reprogram another subscriber unit with the stolen identification number causing two or more subscriber units to have the same MIN/SN combination. Cellular radio telephone systems have authentication procedures to deny access to subscribers not having legitimate identification numbers, but do not have the capability to detect multiple users or effectively neutralize the effect of an installer leaking subscriber identification numbers. Therefore, the legitimate user is billed for both the thief's use and his own use.
Several authentication techniques are known. EIA-553 section 2.3 specifies that each subscriber shall have a MIN and a factory set SN. The telephone number which the subscriber is attempting to contact is the data that is transmitted by the subscriber to the fixed network communication unit. Authentication is granted by this system if the MIN and corresponding SN are found in the fixed network communication unit database. Unfortunately, EIA-553 does not require the encipherment of the MIN or SN before transmission to the fixed network communication unit thereby permitting direct RF detection of any MIN or SN. In addition, this technique fails to provide protection against a thief that acquires a MIN/SN from an installer.
Another authentication technique is described in European cellular communication system recommendations generated by the Groupe Special Mobile (GSM); see sections: 02.09, 02.17, 03.20, and 12.03. This method additionally requires the subscriber to openly transmit a temporary mobile subscriber ID (TMSI) to the fixed network communication unit; the fixed network communication unit generates and sends a random number (RAND) to the subscriber. The enciphering technique requires the subscriber unit to autonomously retrieve at least three enciphering elements from its memory: a predetermined ciphering key, an SN (individual subscriber authentication key) and a MIN (international mobile subscriber identification number--IMSI). The subscriber then enciphers its SN and MIN using the cipher to construct the RAND into a signed response (SRES). The subscriber unit transmits this signed response back to the fixed network communication unit where the fixed network communication unit checks the SN, MIN, and ciphering key against its database using the subscriber's temporary ID (TMSI).
The fixed network communication unit generates its response to the same random number using the information retrieved from the database and compares the subscriber signed response to the fixed network communication unit generated response. If the responses are substantially equivalent, authentication is confirmed. The dialed telephone number is only allowed to be transmitted after authentication is granted. This system affords some protection against a thief that acquires the MIN/SN from an installer by enciphering the SN and reassigning a temporary TMSI each time the subscriber enters a different cell area.
Yet another authentication technique is described in the United States Digital Cellular (USDC) standard (known as IS-54 and IS-55) and published by the Electronic Industries Association (EIA), 2001 Eye Street, N.W., Washington, D.C. 20006. The USDC authentication technique like each of the previously mentioned techniques utilizes a series of specialized messages which must be passed between the subscriber unit and a communication unit of the communication system before system access is granted. However, the USDC technique employs a "global challenge" on the common signaling channel (e.g., a random access channel or a pilot channel) and utilizes shared secret data (SSD) (i.e., encrypting keys known to a subscriber unit and a communication unit which form a communication link) for an authentication (i.e., the SSD.sub.A key) and a voice privacy function (i.e., the SSD.sub.A key). The initial transmitted subscriber message contains an authentication response, but no other data is encrypted. The command to begin an encryption process is sent from the service provider to the subscriber after the subscriber has been assigned a traffic channel.
The problem with each of these authentication techniques is that none of the techniques can provide a traffic channel and enable message encryption on the basis of a single message transmission from the subscriber unit to the communication unit. In addition, the "global challenge" system used in USDC may provide a fraudulent user with an opportunity to mimic the call set-up messages of a legitimate subscriber, if the "global challenge" is not changed often. For example, a user may abort the call set-up process shortly after responding to the "global challenge". If the "global challenge" has not changed, a fraudulent user might mimic the authentication response in order to be assigned a traffic channel to some unwanted target telephone number, because the dialed digits (i.e., telephone number) are included in the authentication response. If encryption is never enabled and the fraudulent user can change the call termination (i.e., who is to be called), then that user can get a free call. Although this scenario is considered to be unlikely, it could become a more significant problem in a densely populated personal communication system. Therefore, a need exists for an authentication technique which can alleviate these problems.
In addition to authentication techniques, many communication systems are also being designed to implement secure/encrypted communications. In these communication systems, a packetized data also needs to be encrypted. Packetized data adds an additional problem to the typical encryption process. This problem arises because packets of data may arrive at different times at a subscriber unit of a communication unit (i.e., packet messages are "connectionless"). These packets need to be reassembled and decrypted in the same order in which they were encrypted. In addition, an encryption key can only be negotiated when a subscriber performs a registration. Therefore, a need exists for an encryption technique which can alleviate these problems associated with packetized data.